patch set for #90289

Nikos Mavrogiannopoulos nmav at redhat.com
Wed Jun 24 05:58:39 PDT 2015


On Wed, 2015-06-24 at 10:03 +0200, Nikos Mavrogiannopoulos wrote:
> This patch set eliminates two issues in the proxy module:
> 1. A process using the proxy module would crash if at some point 
> after
[...]
> The issue (1) is very tricky to debug, the reason that the crash
> happened on the parent is not clear to me (they are different 
> processes after all). The crash is in binding_C_Finalize() after 
> having passed from ffi. See the comments in 0004 for the fix.

Things became more clear when I checked libffi's dlmmap_locked() and
the trace.

22225 open("/tmp/ffitnd0s0", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
22225 unlink("/tmp/ffitnd0s0")          = 0
22225 ftruncate(3, 4096)                = 0
22225 mmap(NULL, 4096, PROT_READ|PROT_EXEC, MAP_SHARED, 3, 0) = 0x7f3282c08000
22225 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7f3282c07000

My understanding is that libffi allocates shared memory so a
deallocation in the child process would affect a deallocation in the
parent process. I'm not familiar with libffi, but is that the 
intended/documented behavior? Looks pretty scary.

A better/more precise fix (replacement for
0002-Do-not-finalize-modules-created-in-another-pid.patch) is attached.

regards,
Nikos
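The trace above shows the mechanism behind issue (1): libffi backs its closure trampolines with a MAP_SHARED mapping of an unlinked temp file, and MAP_SHARED pages stay shared across fork(), so a write in the child is visible in the parent. The following C program is an added example (not the attached patch and not libffi code) that re-creates that mmap pattern, forks, and reports whether the child's write reaches the parent for MAP_SHARED versus MAP_PRIVATE. It then sketches the pid-ownership guard that the attached patch's name suggests; the `wrapper_state` struct and its functions are assumptions for illustration, not p11-kit's API.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGE 4096

/* Map one page backed by an unlinked temp file, mirroring the
 * open/unlink/ftruncate/mmap sequence in the strace output
 * (constructed re-creation, not libffi's dlmmap_locked()). */
static unsigned char *map_page(int flags, int *fd_out) {
    char tmpl[] = "/tmp/demoXXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    unlink(tmpl);                       /* file exists only while mapped */
    if (ftruncate(fd, PAGE) != 0) { close(fd); return NULL; }
    void *p = mmap(NULL, PAGE, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (p == MAP_FAILED) { close(fd); return NULL; }
    *fd_out = fd;
    return (unsigned char *)p;
}

/* Fork, let the child overwrite the page, wait for it, and return 1 if
 * the parent now sees the child's write, 0 if not, -1 on error. */
int child_write_visible_in_parent(int flags) {
    int fd;
    unsigned char *page = map_page(flags, &fd);
    if (!page) return -1;
    page[0] = 0xAA;                     /* parent's value before fork */
    pid_t pid = fork();
    if (pid < 0) { munmap(page, PAGE); close(fd); return -1; }
    if (pid == 0) {
        page[0] = 0x55;                 /* child scribbles, e.g. on "free" */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    int visible = (page[0] == 0x55);
    munmap(page, PAGE);
    close(fd);
    return visible;
}

/* Mitigation sketch (assumption: modelled on the patch title, the
 * attached patch itself is not shown): remember which pid set the
 * state up and refuse to tear it down from any other process. */
struct wrapper_state { pid_t owner; int initialised; };

void wrapper_init(struct wrapper_state *s) {
    s->owner = getpid();
    s->initialised = 1;
}

/* Returns 1 if teardown ran, 0 if skipped (not initialised, or called
 * from a forked child that does not own the shared pages). */
int wrapper_deinit(struct wrapper_state *s) {
    if (!s->initialised) return 0;
    if (s->owner != getpid()) return 0; /* leave the parent's pages alone */
    s->initialised = 0;
    return 1;
}

/* Deinit from the owning process: expected to run (returns 1). */
int deinit_in_owner_pid(void) {
    struct wrapper_state s;
    wrapper_init(&s);
    return wrapper_deinit(&s);
}

/* Deinit from a forked child: expected to be skipped (returns 0). */
int deinit_in_child_pid(void) {
    struct wrapper_state s;
    wrapper_init(&s);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(wrapper_deinit(&s));
    int status;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("MAP_SHARED : child write visible in parent = %d\n",
           child_write_visible_in_parent(MAP_SHARED));
    printf("MAP_PRIVATE: child write visible in parent = %d\n",
           child_write_visible_in_parent(MAP_PRIVATE));
    printf("deinit in owner pid ran = %d, in child ran = %d\n",
           deinit_in_owner_pid(), deinit_in_child_pid());
    return 0;
}
```

With MAP_SHARED the parent observes the child's byte, which is exactly why a child's deallocation can corrupt the parent's trampolines; with MAP_PRIVATE the child's write goes to a copy-on-write page and the parent is unaffected. The pid check is the defensive pattern for code that cannot change how its dependency maps memory: never release resources from a process that did not create them.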
Attachment: 0001-Do-not-deinitialize-libffi-s-wrapper-functions-in-ch.patch (text/x-patch, 1362 bytes)
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20150624/0475349f/attachment-0001.bin>